In remembrance of Bob Serino and his many contributions to both the field of banking law and the financial services community, the ABA Banking Law Committee would like to honor his accomplishments and rich life and career. After a long illness, Bob recently passed away while this article was pending publication.
There are few in our profession so universally liked and respected as Bob. His long career at the Office of the Comptroller of the Currency (OCC) made a lasting mark. He set up the OCC’s first formal enforcement office, pioneered anti-money laundering enforcement, and served for many years as deputy chief counsel. When he left the agency, he established the OCC Alumni Association, which last year was renamed the Robert Serino OCC Alumni Association. Bob subsequently joined BuckleySandler LLP, where he was a partner. He also served as a captain in the U.S. Navy Reserves.
What engaged Bob most was connecting with other people. He mentored many young lawyers and gave generously of his time and advice to colleagues. He knew how to nurture a friendship and had a wide circle of friends and colleagues, all of whom will deeply miss him.
* * *
For many years, federal banking agencies have used publicly available processes, procedures, and matrices to determine both whether a Civil Money Penalty (CMP) is justified and, if so, the size of the penalty. Most recently, on February 26, 2016, the OCC published a revised Policies and Procedures Manual “to ensure the statutory and 1998 FFIEC Interagency Policy factors are considered in CMP decisions, and to enhance the consistency of CMP decisions.”
In contrast, the Financial Crimes Enforcement Network (FinCEN) has no publicly disclosed CMP matrix or procedures to determine either a penalty is warranted or, if so, the appropriate amount. Thus, there is no publicly known process in place to ensure that FinCEN’s vast power is applied consistently and equitably. There is an urgent need for FinCEN to bring its CMP assessment process into alignment with other regulators.
Banks, Bank Secrecy Act officers, and other institution-affiliated parties live under constant threat of a FinCEN CMP, yet have no inkling whether they are, in fact, at risk and the extent of the risk. The agency’s reluctance to publish its CMP standards and procedures perpetuates banks’ and other regulated entities’ perceived lack of due process. Moreover, the uncertainty created by FinCEN’s opacity is causing havoc among compliance officers. FinCEN’s failure to act contributes to the exodus of compliance officers who face a high degree of uncertainty because of the lack of guidance on whether they may be subject to a FinCEN CMP and the amount of the penalty. Lalita Clozel, Exodus of Compliance Officers Seen if NY Plan Goes Through, American Banker, Feb. 24, 2016 (discussing potential effects on compliance officers if New York implements regulation requiring compliance officers to certify compliance with bank secrecy laws with the threat of criminal action if a problem arises); Jerry Buckley, The Compliance Officers Bill of Rights, American Banker, Feb. 22, 2016 (discussing concerns of compliance officers and need to establish protections for them so that they can perform their duties in good faith and without fear of the unknown).To illustrate, in December 2014, FinCEN assessed a $1 million civil money penalty against the chief compliance officer/senior vice president of government affairs at a major money transmitter. And in January 2016, a U.S. district court ruled that the corporate officers could be held personally liable for Bank Secrecy Act compliance failures.
In 1970, Congress enacted the Currency and Foreign Transaction Reporting Act (BSA), which was the first legislative effort to curb a growing money laundering problem in the United States. (Money laundering, per se, did not become a crime until 1986, with the passage of the Money Laundering Control Act.) The BSA imposed record keeping and reporting requirements for certain currency transactions to help identify the source, volume, and movement of currency and other monetary instruments and to maintain a record of the funds. The goal was to assist law enforcement and regulatory agencies in pursuing investigations of criminal, tax, and regulatory violations and to provide evidence useful in prosecuting money laundering and other financial crimes.
The hearings leading up to the passage of the BSA demonstrate the intent to create a “paper trail” for law enforcement to trace funds gotten from illegal activity such as gambling, tax, and narcotic sales. While the BSA was intended to provide law enforcement with the tools to put bad guys in jail, the government has used it to take civil and criminal actions against banks and other financial institutions for technical and procedural errors.
The BSA provided the Treasury Department with power to enforce the act and its regulations and to impose civil money penalties for violations. (The secretary of the Treasury has delegated authority to administer the BSA to the director of FinCEN, a bureau of the Department of the Treasury.) Because the penalties are so broad and subjective, administrative limits on that discretion are appropriate and necessary. Also, unlike the banking agencies, which cannot impose a unilateral CMP except following an administrative hearing, presided over by an independent administrative law judge (ALJ), FinCEN, can impose a CMP without a fact finding hearing before an ALJ. Once imposed, the bank or other target would need to seek a federal district court order to overturn the penalty. Because of the standard of review applied by the courts, a target institution or individual would have great difficulty in successfully challenging a FinCEN CMP order. In the meantime, the CMP becomes public and the target, especially a public reporting company, is subject to great risk.
Enforcement Powers of FinCEN
FinCEN should exercise its broad authority to assess penalties based on a determination of willfulness or negligence in a manner that is fair, consistent, and in the public interest. The act sets forth basic standards for penalties:
- Willful violations. The secretary may assess a penalty of (i) the amount involved in the transaction, up to $100,000, or (ii) $25,000, whichever is greater. 31 U.S.C. §§ 5321(a) (1)(a)(2). This statute establishes a higher penalty ceiling for violations of BSA provisions governing certain foreign transactions. For BSA/AML program violations, a separate violation occurs for each day that the violation continues, and at each office, branch, or place of business at which a violation occurs.
- Negligent violations. The secretary may assess a penalty of up to $500. However, if a financial institution engages in a “pattern of negligent violation,” an additional penalty of up to $50,000 may be assessed.
While the act provides some guidance on the size of a penalty, FinCEN CMP orders lack the facts necessary for the public to assess whether FinCEN is applying these statutory standards fairly and consistently. In contrast, a recent review of Securities and Exchange Commission (SEC) ALJ proceedings concluded that, even though there are three tiers of penalties dependent upon the severity of a violation, the general practice of the SEC and the judges has been to apply the guidelines using a common-sense approach. See Jonathan Eisenberg, How SEC Judges Calculate Civil Money Penalties, Law360, Jan. 22, 2016. Reaching such a conclusion about FinCEN’s imposition of CMPs is impossible given the lack of information available about FinCEN’s decisions.
If a target cannot come to terms with FinCEN by signing a consent order with substantial penalties, it faces the risk of FinCEN unilaterally imposing an assessment that would likely be much greater than the amount FinCEN would be willing to settle for and could possibly drive the target bank into insolvency or a forced sale. Therefore, very few, if any, penalties are litigated. An article in American Banker discussed a case in which FinCEN declared an institution to be a “primary money laundering concern” and banned it from processing transactions through the United States. The article indicates that FinCEN acted without much explanation and without a hearing to address the charge. Within a day, the bank was out of business.
If a target does not agree to a consent order and FinCEN imposes a CMP, the target has two alternatives for judicial review of the penalty.
First, the target may appeal the public assessment to a federal district court as a final agency action under the Administrative Procedures Act (APA). On review, the district court evaluates whether FinCEN has abused its discretion, a difficult burden for a bank or individual to overcome. Courts generally do not second-guess the judgment of an administrative agency unless it can be shown that the agency acted contrary to law, without basis in fact, or abused its discretion. In the case of a court challenge to a FinCEN CMP, a comparison of the CMP to other large penalties obtained through settlement may make the charge of arbitrariness more difficult to sustain.
Second, a target may wait for the Treasury Department to bring a recovery action, which it must do within two years. Under these circumstances, a target likely can seek a de novo review of FinCEN’s action in which the court decides whether the assessment was validly issued (i.e., that there was proof of a legal violation). A court could also find a lack of willfulness and deny enforcement of the CMP or find the action to be arbitrary and capricious, a task again made more difficult by large CMPs in settlements.
Neither alternative protects a target from the adverse publicity of a public penalty unilaterally imposed by FinCEN under broad statutory standards and without proper safeguards or assurance that FinCEN is acting on all of the facts. This enforcement architecture pressures institutions and individuals to voluntarily agree to FinCEN’s demands or face large public penalties. Forced settlements under duress generally do not serve the public interest or the constitutional principles at stake.
Enforcement Powers of the Bank Regulatory Agencies
In 1978, Congress amended the Financial Institutions Supervisory Act of 1966 (FISA) to provide regulators with the power to assess civil penalties for violations of certain laws. This power was based on early studies of the Administrative Conference of the United States in 1972 and the belief that the cease and desist and removal powers of the 1966 act were overkill in certain circumstances. FISA was the first statute that gave the federal banking agencies remedies, such as cease and desist and removal powers, to address problems with banks and bank officials. Before FISA, conservatorship and liquidation were the only tools available to address issues. The Financial Institution Regulatory and Interest Rate Control Act of 1978 gave the agencies the power, for the first time, to assess penalties for certain bank laws or regulations. This was amended by the Financial Institutions Reform, Recovery and Enforcement Act of 1989, which among other things, expanded the ability to bring CMP action for violation of any law or rule.
In granting the power to the agencies, Congress required a formal hearing under the APA before an independent ALJ with a final opinion to be issued by the agency and the right to appeal to a federal court of appeals. The hearing has standards and procedures that provide for due process protections. In deciding whether to bring a case and impose a penalty, Congress required the bank regulator to evaluate five statutory criteria. The five statutory criteria are: (i) the size of financial resources; (ii) the good faith of the institution or institution-affiliated party charged; (iii) the gravity of the violation; (iv) the history of previous violations; and (v) such other matters as justice may require.
Following the 1978 act, the federal banking agencies began using their CMP powers. In doing so, they believed that the five statutory criteria were not sufficient to ensure consistent use of CMP authority. In light of this, using the federal sentencing guidelines as a model, the banking agencies through the Federal Financial Examination Council (FFIEC) created 13 additional criteria. To apply the criteria, they created a matrix of factors they would consider in determining whether to bring an action and the size of any penalty. Each factor has a point value which is adjusted based on severity. The total points determine whether a penalty should be assessed and if so, a recommended amount.
On February 26, 2016, the OCC reiterated its intention to continue to apply a CMP matrix, with some adjustments, to its decision-making process for the sake of fairness and consistency. The OCC’s changes include one matrix for institutions and, for the first time, a separate matrix for institution-affiliated parties (IAPs).
Overview of the CMP Process for the OCC
If the OCC determines, after an examination or investigation, that a violation occurred for which a penalty can be assessed, the OCC evaluates a penalty based on the five statutory and now 14 other agency factors and decides whether the matter warrants additional inquiry. (The OCC’s Policies and Procedures Manual contains additional details regarding the procedures and matrices that should be followed.) A violation without this analysis does not form the basis for an action.
If the OCC decides to proceed, it notifies a potential subject (institution or individual) that the agency is preparing to issue a notice of a penalty and that the subject has 15 days to explain to the agency why a penalty is not justified or should be limited. The notice, commonly referred to as a “Fifteen Day Letter,” is not public, nor will the matter become public until there is a settlement or a hearing before an ALJ. The Fifteen Day Letter practice is similar to a “Wells Submission” with the SEC and is an opportunity for the subject to provide additional facts and explain why no action is justified. Upon request, the OCC often extends the time period to respond.
If the OCC, after review of the submission, believes an action is appropriate, the subject can either settle with the agency or request a hearing before an independent ALJ. If no settlement is reached, a hearing is held. After the hearing occurs and submissions from counsel for both sides are received, the ALJ renders an opinion and makes a recommendation to the Comptroller.
The parties involved can use the statutory and agency factors to show why the OCC should or should not take action and, if taken, what an appropriate CMP would be. The OCC notes, however, that the “policies are internal guidelines for the use of the OCC and do not create any substantive or procedural rights.” After receiving submissions from both the subject and the enforcement division, the Comptroller makes a final decision. The subject can appeal the decision to the court of appeals where the subject is located, or to the United States Court of Appeals for the District of Columbia. Similar procedures are in place for the Federal Reserve Board and the Federal Deposit Insurance Corporation Board.
BSA Cease and Desist Process for OCC
On February 29, 2016, three days after the OCC issued its new civil money penalty matrices, the OCC issued a revised bulletin on how it would apply its cease and desist powers in the case of “potential noncompliance with Bank Secrecy Act (BSA) compliance program requirements or repeat or uncorrected BSA compliance problems.” The statute requires that the OCC issue a cease and desist order when these are found.
The bulletin stated that “to ensure that the process for taking administrative enforcement actions based on such violations is measured, fair, fully informed, and timely, the OCC’s process generally includes notice and an opportunity for the bank to respond in advance of a decision to issue a mandatory cease-and-desist order.” Under this process, the OCC issues a Fifteen Day Letter to the subject if the OCC determines that a violation satisfies the criteria for a mandatory cease and desist order. The OCC’s enforcement and supervisory personnel review the case and the subject’s response and, if they believe a violation exists, present the matter to a Supervision Review Committee (SRC) for its review and recommendation to the senior deputy comptroller for a final decision. As a side note, the Consumer Financial Protection Board (CFPB) also has a similar process to obtain the views of a potential subject in private and before any enforcement action is undertaken.
FinCEN’s Lack of Process
In contrast to the OCC and other agencies, FinCEN has no uniform process or administrative standards and has never published any guidelines or standards that it applies in deciding whether to assess a penalty and, if so, the amount of the penalty. Furthermore, there is nothing unique about the BSA that would require a different process. FinCEN’s BSA actions usually address problems occurring years ago that have already been resolved by law enforcement officials or the banking regulators. These other agencies follow a process and analyze legitimate factors that are well-known in the industry when deciding how to address BSA issues.
As a regulator for financial institutions, FinCEN should comply with the same or similar standards when seeking to assess penalties. Giving largely unfettered power to FinCEN, without limitations or procedural protections, opens the door for arbitrary and unjustified decisions. FinCEN has been encouraged for years to address these concerns.
Following the publishing of my article on the lack of process and criteria for FinCEN to follow, an attorney in private practice suggested that buried, deep in the Internal Revenue Manual for use of its examination personnel, were factors that the IRS examiners should take into consideration before they refer a matter to FinCEN to consider whether to commence a penalty action.
While this list exists, FinCEN has not indicated that a subject can use them to refute a civil money penalty action. Likewise, to my knowledge there are no such factors, followed by FinCEN, when it decides to unilaterally assess a civil money penalty. Furthermore and most importantly, FinCEN has not suggested that a subject address the IRS internal referral guidelines in response to a FinCEN charge. To the contrary, even though many of the IRS factors are similar to the bank regulatory agencies, FinCEN has specifically indicated that they would not use the factors of the banking agencies.
It is suggested that, until FinCEN develops public factors for a subject to address before FinCEN commences a civil money penalty, a subject should develop a response to FinCEN, if given a chance, using the IRS internal examiner guidance.
A Call for Reform
The concerns raised above with FinCEN’s CMP process warrant reform to create a more fair and consistent process for affected institutions and individuals. Given that FinCEN has yet to address these concerns, a legislative solution may be necessary. A simple legislative fix would do the following:
- Require FinCEN to prove its case before an independent ALJ in an APA hearing and remove its authority to impose unilateral assessments;
- Subject FinCEN to statutory standards for CMPs similar to those that apply to the banking agencies, including good faith, financial capacity, etc.;
- Require FinCEN to establish criteria, similar to the factors used by the banking agencies, to provide FinCEN and subjects guidance on the factors justifying a penalty and the amount;
- Require FinCEN to provide notice, in private, of a possible CMP, the basis for the CMP, and an opportunity to respond within fifteen days or longer;
- Define “willful” to require intentional misconduct or recklessness, assuming that a “willful” violation continues to trigger a possible CMP.
- Until FinCEN develops factors on whether and how much of a penalty should be assessed, a subject should use the IRS examination manual factors in responding to a proposed civil money penalty
Alternatively, FinCEN could follow the OCC’s lead and issue its own guidance explaining its CMP assessment process and criteria. In doing so, FinCEN should consider the OCC’s recent adoption of separate CMP matrices for institutions versus IAPs. FinCEN may similarly consider separate CMP processes or matrices for institutions versus individual employees of those institutions, which may prove useful in providing individual industry actors with appropriate notice of their potential liability under the BSA. FinCEN should also follow the process for handling cease and desist actions for BSA violations set forth in the OCC’s February 29, 2016, bulletin. These reforms would go a long way toward addressing some of the common concerns the industry has with FinCEN’s implementation of its CMP powers.